Please turn on your JavaScript for this page to function normally.
Social engineering attacks on open source developers are escalating
North Korean hackers spent weeks socially engineering an Axios maintainer through a fake Slack workspace, a cloned company identity, and a fabricated Microsoft Teams call that …
Self-spreading npm malware targets developers in new supply chain attack
Security researchers have uncovered another supply chain attack targeting developers: 19 typosquatting npm packages published on npmjs.com that steal credentials, infect …
Fake browser crash alerts turn Chrome extension into enterprise backdoor
Browser extensions are a high-risk attack vector for enterprises, allowing threat actors to bypass traditional security controls and gain a foothold on corporate endpoints. …
Featured news
Resources
Don't miss
- Claude helps researcher dig up decade-old Apache ActiveMQ RCE vulnerability (CVE-2026-34197)
- Acrobat Reader zero-day exploited in the wild for many months
- AI agent intent is a starting point, not a security strategy
- Asqav: Open-source SDK for AI agent governance
- BlueHammer: Windows zero-day exploit leaked